CVE-2025-50579 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

A CORS misconfiguration in Nginx Proxy Manager v2.12.3 allows unauthorized domains to access sensitive data, particularly JWT tokens, due to improper validation…
Medium CVSS: 5.3

CVE-2025-50579

A CORS misconfiguration in Nginx Proxy Manager v2.12.3 allows unauthorized domains to access sensitive data, particularly JWT tokens, due to improper validation of the Origin header. This misconfiguration enables attackers to intercept tokens using a simple browser script and exfiltrate them to a remote attacker-controlled server, potentially leading to unauthorized actions within the application.
Vendor
Jc21
Product
Nginx Proxy Manager
CWE
CWE-1259
Yayın Tarihi
2025-08-19 15:15:28
Güncelleme
2025-09-24 16:57:12
Source Identifier
cve@mitre.org
KEV Date Added
-

Kategoriler

CWE-1259 Nginx Proxy Manager MEDIUM Jc21 2025

Referanslar

https://github.com/NginxProxyManager/nginx-proxy-manager https://github.com/NginxProxyManager/nginx-proxy-manager/issues/4509